Stegano – Malware that all Internet Explorer users should be aware of

Researchers have found a piece of malware called Stegano that has targeted millions of unsuspecting Internet Explorer users through popular websites. The scariest part about this malware is that it managed to go undetected for two years before anyone noticed it.

Stegano’s attacks begin as JavaScript-infected ads for a screenshot app called “Broxu” and a privacy tool called “Browser Defense”. These ads are pushed into larger ad networks and later show up on major news sites, where they are eventually seen by millions of unsuspecting visitors.

When the infected ad shows up, Stegano scans for, extracts and then runs code that exploits a known Internet Explorer vulnerability. Once it confirms that the environment it is running in is indeed vulnerable, Stegano loads a one-pixel iframe offscreen that redirects the user to its landing page.

The moment Stegano knows your machine is vulnerable, it displays a special GIF file that contains cached data. This malware-ridden image can be identified when you zoom into it, as it contains a QR-like code that isn’t noticeable to the naked eye at normal size.

Finally, it performs one last check that scans for any security software. If the scan fails to detect anything that could expose it, the malware downloads and launches the payload, leaving the infected machine with a backdoor, keylogger, screenshot maker and a video maker.

Because Stegano relies on Internet Explorer and Flash to work, the simplest precaution is to avoid both. Researchers have also mentioned that the malware can be avoided by having fully patched software, that is, “a reliable, updated internet security solution”.
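The one-pixel, off-screen iframe described above is something a site or ad-quality team can look for in served markup. The following is an added example, not code from the researchers or the campaign: the sample HTML, the URLs and the function names are constructed for illustration, and the check only covers inline attributes and styles.

```python
import re
from html.parser import HTMLParser

# Constructed sample markup (not from the campaign): one normal ad frame, two hidden ones.
SAMPLE_HTML = """
<div id="ad">
  <iframe src="https://ads.example/banner" width="300" height="250"></iframe>
  <iframe src="https://landing.example/x" width="1" height="1"
          style="position:absolute; left:-9999px; top:-9999px"></iframe>
  <iframe src="https://landing.example/y" style="width:1px;height:1px;border:0"></iframe>
</div>
"""

def _px(value):
    """Return a plain pixel length as int, or None if absent or not a px/number value."""
    m = re.fullmatch(r"\s*(-?\d+)(?:px)?\s*", value or "")
    return int(m.group(1)) if m else None

def _style(attr):
    """Parse an inline style attribute into a lowercase property dict."""
    pairs = (d.split(":", 1) for d in (attr or "").split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

class HiddenFrameFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        css = _style(a.get("style"))
        # Inline CSS overrides the width/height attributes, so prefer it when present.
        w = _px(css.get("width")) if "width" in css else _px(a.get("width"))
        h = _px(css.get("height")) if "height" in css else _px(a.get("height"))
        reasons = []
        if w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("tiny")
        if any((_px(css.get(side)) or 0) < 0 for side in ("left", "top")):
            reasons.append("offscreen")
        if reasons:
            self.findings.append((a.get("src"), reasons))

def find_hidden_iframes(html):
    """Return (src, reasons) for every iframe sized <= 1px or positioned off-screen."""
    finder = HiddenFrameFinder()
    finder.feed(html)
    return finder.findings
```

Frames injected by script at run time or hidden through external stylesheets do not appear in static markup, so a rendered-DOM check is needed to cover those.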